At the end of the recent webinar hosted by Jack Jones to discuss his Cyber Risk Quantification Buyer’s Guide, an audience member posted two questions in the chat, “What does a hybrid between quantitative and qualitative analysis look like?” and “Is that combination the goal?”
In my last blog post on qualitative risk measurement, I discussed three key aspects that often make the difference between good measurements and bad measurements — scope, model, and data. I also pointed out that these apply to both qualitative and quantitative risk measurement.
What makes for a high-quality qualitative risk measurement? The answer is simple. We just have to go back to the scope, model, and data elements
There are a lot of blog posts and conference presentations that discuss the differences between qualitative vs. quantitative risk analysis. Most of the time, those discussions focus on the challenges or perceived flaws in one or the other.
